basically i want to be able to search if users have visited sites that are listed in phishtank.
The Phishing Lookup app will enable this use case for you.
View solution in original post
Right you are, @martin_mueller, I'll ping the blog post author and ask him to fix the link.
The link in that blog is broken, apparently http://apps.splunk.com/app/995/ is correct... there's a colon missing after http.
http
This would make a great TA. If I have time I might even have a go a writing one myself.
Sounds like a job for a scripted lookup. Write a script that performs a query against whatever API phishtank has, and set that up as a lookup for your data.
